Embed Size (px)
Citation preview
Integrating an AREDN node into my home network by: Emery Wooten – KC5LIO Created: 02/2019
Preface: The subject of this paper is to document a method of integrating an Amateur Radio Emergency
Data Network (AREDN) node seamlessly into my existing home computer network. The goal was to allow any
computer on my home network to access the AREDN mesh as well as being able to run any service for AREDN
by port forwarding to my networked computers. At the same time the home network would function as usual
with all computers having access to each other as well as the Internet. I wanted the ARDEN mesh to be as
easy to access as the Internet without having to plug in different cables or do anything special.
My level of computer expertise is probably above average with a long history of software and web
development however my knowledge of networking is very basic. I struggled for quite some time to
accomplish this task and found very little help specific to AREDN. I publish this paper in the hope that it will
help others, but let it be known up front that I am not an expert so take what I say for what it is worth.
Specifics: I have as a home router an Asus AC68P which receives its Internet (WAN) connection through a
DSL modem. The home network address block is 192.168.1.0/24. This router provides Wi-Fi coverage inside
the house and it also connects to a Ubiquiti Nanostation M2 (NSM2) access point (hereafter called the AP) on a
pole outside. My goal was to mount another NSM2 configured as an AREDN node on the same pole and
power it from the LAN1 port on the AP. I am only running one Cat5 cable up the pole and using a 1-amp POE
adapter to supply power to both Nanostations. To complicate matters a bit more I am also connecting the
node to an AREDN mesh tunnel, so it requires an Internet gateway. To make all this junk fly I had to purchase
a Netgear GS105Ev2 managed switch. I suspect most hams who are experimenting with AREDN are familiar
with most of this gear as the Ubiquiti devices and Netgear switches are standard fare. Other brands and
configurations will certainly accomplish the task, but it all is mentioned here just for reference.
Theory: What we have here are three networks. The Internet, the home network, and the AREDN mesh
network. The AC68P provides DHCP, DNS, and a gateway to the Internet for the home network and mesh
tunnel. The AREDN node supplies DHCP and DNS for the mesh network. The objective is to connect the home
network to the mesh network. The way to connect two networks together is with a router that does Network
Address Translation (NAT) between systems. Conveniently, we already have a router built inside the AP, so we
just need to work out the details and make all these pieces talk to each other. I am going to go through the
setup of each piece of equipment, present screenshots, and explain the settings as best I can.
FWIW: I experimented with the NAT setup in the AREDN firmware but never succeeded in making it work
correctly. What I am doing here is essentially creating my own NAT interface by using the router inside the AP.
--------------------------------------------------------------------------
The AREDN Node: The good news here is that we need to do very little with the AREDN node settings. It
works just fine with the default settings. We just need to reserve one DHCP address. You need a unique name
so I have called mine “KC5LIO-Net” with an IP of 10.165.6.77. This is one of the 5 DHCP addresses provided by
the node and it will be used to connect the node to the home network. Reserving it for the router inside the
AP will insure it is available. The MAC address is the MAC of the AP router and can be found in the Ubiquiti
airOS firmware under the Main tab/Interfaces. See the figures below for a look at both my setup screens.
Figure 1 - The AREDN mesh node Basic settings screen
Figure 2 - The AREDN node Port Forwarding, DHCP, and Services settings screen
--------------------------------------------------------------------------
The GS105E Switch: The switch is necessary to provide VLANs such that everything can communicate over the
single Cat5 cable running up the pole to the two NSM2s. In my case I am providing an AP for my home network as well
as the AREDN node. The AREDN node requires traffic tagged as VLAN 1 for the Internet and untagged for its own LAN
network. The Ubiquiti airOS firmware on the AP will pass VLAN 1 traffic but itself will not internally allow the VLAN 1 tag
so in order to bridge its wireless capabilities to my network I had to create a VLAN 5 both inside the switch and the AP.
Internally the GS105 switch also has a VLAN 3 to pass traffic untagged to the mesh node. The only way I figured out to
do this was to connect two cables from my home router to the switch. Here are the port connections:
Port 1: Goes to the Cat5 cable going up the pole to the AP.
Port 2 and 3: Available to connect computers directly to the mesh node.
Port 4 and 5: Connect to two ports on the Asus AC68Phome network router.
The figure below shows how the 802.1Q VLANs are set up in the switch. Essentially VLAN 1 and 5 are connected to the
home router. VLAN 3 is the traffic from the mesh node. At some point I may reprogram the switch to allow the use of
port 3 to replace one of the two ports occupied on my home router. Leaving one direct connection to the node is
advisable in case a total reset is warranted in the future since it allows you to plug a computer directly in and
reconfigure the node. For now, I basically took the standard switch setup as seen on the web and added VLAN 5 to it on
port 4.
When VLAN 1 and 5 go out port 1 on the switch they carry the tags. This provides paths to the home network/Internet
for both the AP and the mesh node. See the figure below for the switch setup.
Figure 3 - 802.1Q Advanced VLAN configuration inside the GS105 switch.
--------------------------------------------------------------------------
The Home Router: In my case this is an Asus AC68P. Very little change is needed in the standard setup for any
home router. It already has the smarts to create your home network and connect everything to the Internet. What you
do need to do is create a static route to the 10.xxx.xxx.xxx mesh network. The static route tells the router to send any
10.xxx.xxx.xxx IP requests to a gateway address on your network. In my case that is the address of the AP which is
192.168.1.23. The router inside the AP is the gateway into the mesh network.
Figure 4 - Asus router static route setup
You will also need to add a DNS server address for the mesh network so computers on your home network will be able
to look up addresses on the mesh. The mesh DNS server is the same as your AREDN node base address. In my case that
is 10.165.6.73 so I added it as a DNS server in the WAN settings of the Asus router. The LAN DNS settings are left empty.
All of these settings are found under the LAN and WAN tabs in the Asus routers. Almost any consumer grade router has
the ability to create a static route and define DNS settings so look around in your model and if all else fails, read the
documentation! See the Addendum at the end of this document for an alternative approach to DNS.
Figure 5 - Add the mesh DNS server to your WAN settings.
The AP: This is the device that provides the glue and makes it all work. I saved this for last because it requires the
most setup and understanding. I want to start by saying that this is unique to my application in that I am using this
Ubiquiti Nanostation AP in a dual role, both as an AP for my home network and a router to connect the home network
to the mesh network. ANY cheap router will fill the role of routing your home network to the mesh. I am using the one
inside the AP because it is there and already connected to everything I need. If you already have a home network and a
mesh node you can connect them by adding the static route and DNS in your home router and placing a generic router
in between the networks. Hopefully what I discuss here will help you understand what is happening.
First off, in my application I need a simple bridge between my home network and the wireless LAN of my access point. I
accomplished this by creating VLAN 5 in the Netgear switch and the AP. This will also provide the management interface
for the AP and determines the IP address of the AP on the home network. It appears as Bridge1 in the figures below.
I also need a bridge for connecting the mesh node to the Internet and my home network. This appears as Bridge0 in the
figures below. Bridge0 passes traffic to the mesh node both untagged and tagged as VLAN 1. Bridge0 is also where the
internal router of the AP is placed.
Here is what is happening in the AP router: The router is configured such that the mesh network is the Wide Area
Network (WAN). It is analogous to the Internet or WAN connection in a consumer router. The LAN side of the router is
your home network. In my AP router setup, it is such by default. The router does Network Address Translation (NAT)
between your home network 192.xxx.xxx.xxx addresses and the mesh 10.xxx.xxx.xxx addresses. It works exactly the
same way your standard home router is able to connect all your computers to the Internet at the same time, only in our
case it is connecting our computers to the mesh network. If you wish to provide a service on the mesh and host it on
one of your home computers you will need to port forward through the AP router back into your network. This is again
working in exactly the same way as port forwarding in your home router so that a computer or camera can be viewed
from another location on the Internet.
In a nutshell, the AREDN mesh network becomes the “Internet” as far as this router is concerned. The router uses NAT
and places a firewall between itself and your home network. You can “surf” the mesh just like you “surf” the Internet
and you must open/forward ports for anything on the mesh to get back into your home network.
The Network tab is the key to this setup in the AP. I have shown the complete page below with all sections of
importance expanded. Other settings in the AP are pretty standard. Wireless is setup as you would any AP. On the
Advanced tab you will want to enable POE Passthrough so that the mesh node NSM2 receives power. The Cat5 cable
from port 1 on the GS105 switch goes to the main port on the AP. A cable from LAN1 on the AP is then connected to the
main port on the AREDN mesh node device.
Notes: You will see I have two port forwards set up. These are for services I am offering on the mesh and forward to a
computer on my home network. There will obviously be different numbers for your environment. As an example let’s
say you have a camera on your home network at address 192.168.1.44:8083. In the AP router you would set up a port
forward for port 8083 with the destination IP of 192.168.1.44.
My management network interface is on Bridge1 with the IP set to 192.168.1.23. This defines the address of the AP on
your home network. You can set this to any unused fixed IP you wish keeping in mind that this address is also used in
the static route in your home network router. They must match for your home network router to find the gateway into
the mesh.
Conclusion: I hope this paper gives you an idea of how to integrate your existing home network with the AREDN
mesh network. I spent upwards of 20 hours experimenting with different scenarios before I arrived at this solution. The
variables are many and I am sure there are other ways to accomplish the task. I will say that this does work very well,
and it is nice to be able to do everything from my everyday computers and host services for the mesh on them too.
That’s what ham radio is all about…Have fun!
Figure 6 - Network tab for the Ubiquiti AP (top half of web page)
Figure 7 - Network tab for the Ubiquiti AP (bottom half of web page)
--------------------------------------------------------------------------
Addendum: USE AT YOUR OWN RISK. Even networking professionals often fail to account for holes and possible
bugs in routing systems. I am not an expert and offer this as an experimental technique only.
That said, there may also be concerns with non-ham radio operators using AREDN. You may want to set the AREDN
mesh DNS address individually in computers intended for use on the mesh instead of in the router. When this is done
only computers with the custom DNS addresses will be able to find .mesh names. This will limit but not completely
prevent other users of your home network from accessing the mesh. It will stop a non customized computer from doing
DNS for .mesh names but if the 10.xxx.xxx.xxx address is known they will still have access. This can be done with
adapter settings/IPv4 properties in Windows. Other methods of limiting home network user access involve individual
home router settings that are beyond the scope of this document.
Figure 8 - Windows IPv4 properties for the Wi-Fi network adapter. Do the same for all network adapters needing DNS for your mesh node.
-73-
